Follow Slashdot stories on Twitter

 


Forgot your password?
Close
typodupeerror
×
Security Apple

In an Unprecedented Move, Apple CEO Tim Cook Calls For Bloomberg To Retract Its Chinese Spy Chip Story (buzzfeednews.com) 162

Posted by msmash from the unprecedented dept.
John Paczkowski and Joseph Bernstein, reporting for BuzzFeed News: Apple CEO Tim Cook, in an interview with BuzzFeed News, went on the record for the first time to deny allegations that the company was the victim of a hardware-based attack carried out by the Chinese government. And, in an unprecedented move for the company, he called for a retraction of the story that made this claim. Earlier this month Bloomberg Businessweek published an investigation alleging Chinese spies had compromised some 30 US companies by implanting malicious chips into Silicon Valley bound servers during their manufacture in China. The chips, Bloomberg reported, allowed the attackers to create "a stealth doorway" into any network running on a server in which they were embedded. Apple was alleged to be among the companies attacked, and a focal point of the story. [...] "We turned the company upside down," Cook said. "Email searches, datacenter records, financial records, shipment records. We really forensically whipped through the company to dig very deep and each time we came back to the same conclusion: This did not happen. There's no truth to this." A Bloomberg spokesperson said, "We stand by our story and are confident in our reporting and sources."
This discussion has been archived. No new comments can be posted.

In an Unprecedented Move, Apple CEO Tim Cook Calls For Bloomberg To Retract Its Chinese Spy Chip Story More

In an Unprecedented Move, Apple CEO Tim Cook Calls For Bloomberg To Retract Its Chinese Spy Chip Story

Comments Filter:

  • And if the article was actually false... (Score:5, Insightful)

    by iCEBaLM ( 34905 ) on Friday October 19, 2018 @01:32PM (#57504920)

    ... he would be suing, not asking for a retraction.

    • Apple suing? That doesn't sound like the Apple I know!

    • Re:And if the article was actually false... (Score:5, Insightful)

      by decep ( 137319 ) on Friday October 19, 2018 @01:43PM (#57504996)

      Tim Cook is a smart man. Suing lends credence to the story.

      Also, he probably does not feel Bloomberg had any malice toward Apple in their story. By not suing, he is just calling the reporters overzealous idiots.

      Never attribute malice that which may be explained by stupidity. You just do not sue stupid.

      • Re: (Score:3, Insightful)

        by Junta ( 36770 )

        Well actualy, not suing leads credence to the story... If you go to court, then you are putting yourself more at risk than just asking for a retraction.

        However for Apple, I think asking for a retraction and trying to do it the 'gentle' way makes sense, they can't show significant fiscal harm.

        I would however not be surprised to see SuperMicro go full on lawsuit, they can easily show a lot of financial harm.

      • Worse than "credence" is discovery; if Apple sues they'll have to turn over their own evidence!

        • Re:And if the article was actually false... (Score:5, Insightful)

          by mirthful1 ( 5068349 ) on Friday October 19, 2018 @02:32PM (#57505292)
          Discovery would be fascinating for sure. For both parties. But Bloomberg can shield themselves behind anonymous sources who will likely never come forward. "Well, we're simply reporting what we were told..." At some point this gets to be about credibility. Apple has a LOT, especially when it comes to privacy. They stood up to the FBI 100%. Bloomberg BusinessWeek? Not a perfect record, to say the least. Given what I've read so far, I'm increasingly skeptical of the core story. Something happened a couple years ago, no doubt. How much is first hand and how much is 2nd hand hearsay? *shrug* But fun story... and even that leads me to lean towards BusinessWeek blew this story up because of the stuff going on with China.

    • Re: (Score:2, Insightful)

      by mujadaddy ( 1238164 )
      Undiscussed in all this is Why did both Apple and Amazon dump SuperMicro at roughly the same time?

      • Well for one, a trade war started with terrifs, raising probably raising the cost.
        Changes to the supply chain SuperMicro may not have been able to meet demand.
        Boost in Cost, sometimes a vendor get cocky and tries to raise the stakes only for it to massively backfire.
        Being that spyware was put on the chips, they probably didn't pass Apple and Amazons QC Requirements.
        Big companies are often really tough on vendors in general. Apple has Dumped Motorola to IBM, to Intel (There is even talk on dumping Intel)
        Con

      • You win the Internets! Too bad I don't have any mod points.

      • Re: (Score:2, Funny)

        by Aighearach ( 97333 )

        They're still insisting that it was a firmware-only bug, and that Bloomberg is confused. Bloomberg's reply is that they're not confused, there were a whole stack of security problems that they've uncovered evidence of.

        Between the two, one side (Apple) claiming knowledge of one exploint, and the other side (Bloomberg) claiming knowledge of multiple exploits, it seems obvious to me that if Bloomberg was wrong, Apple wouldn't know. You know what you do know, you don't know the things you never learned. You pro

        • Pretty much.

          Apple may be able to afford a lawyer or two. "Demanding" a retraction is like "threatening" to sue. Shit or get off the pot.

        • Also, at the time of the firmware bug Apple denied the story that they are now claiming is the real story.

      • Re:And if the article was actually false... (Score:5, Insightful)

        by Anubis IV ( 1279820 ) on Friday October 19, 2018 @03:19PM (#57505580)

        Why did both Apple and Amazon dump SuperMicro at roughly the same time?

        They didn't. Apple dumped SuperMicro in 2016 (i.e. a year after they allegedly found the chips) after an unrelated firmware incident. Amazon was still using SuperMicro boards as of earlier this year, which they even mentioned in their initial response to Bloomberg [bloomberg.com]:

        [I]n June 2018, researchers made public reports of vulnerabilities in SuperMicro firmware. As part of our standard operating procedure, we notified affected customers promptly, and recommended they upgrade the firmware in their appliances.

        I don't know where people got the false idea that they dumped SuperMicro at the same time. Moreover, if these malicious chips were real, the timeline makes no sense. Apple discovered these chips back in mid-2015, but then didn't dump SuperMicro for a full year? And Amazon knew about them too in 2015, but then didn't dump SuperMicro for three full years? It makes no sense.

    • Cook, at this point, has no standing.

      He has to show real damages and irresponsible or nefarious intent.

      Do so so, Apple would have to prove the Bloomberg to be incorrect and for reasons.

    • Suing opens them up to discovery about their security procedures... I don't think that would be in the company's best interests. Not a big fan of "security through obscurity", but you're better off having hackers know as little as possible about how you protect your servers.

    • Why bother suing when just asking politely would do?
      A legal suit will mean Apple (a secretive by nature company) will need to publicly show its proof, figure out what it damage is....
      Also politically Cook probably still wants to stay in good graces with the press. Especially as Trump is cutting more and more ties. The press is under a lot of pressure right now with violence against them, Apple doesn't need unnecessary negative press for fighting the media too.

    • The thing about suing, it's a spite reaction. One rarely gets out ahead financially, even when winning a civil lawsuit. It's more about killing parasites rather than letting them suck on you. It can also be used to force a set of future actions or agreement to the competitor that one is suing. And then there's the Streisand Effect. In other words, one doesn't bother suing even if they have a slam dunk case; they're still losing money prosecuting the suit.

      In this case, it would be a reputation suit. So

    • Re:And if the article was actually false... (Score:5, Insightful)

      by Chris Mattern ( 191822 ) on Friday October 19, 2018 @02:38PM (#57505336)

      In my opinion, assuming Tim Cook is in the right, it's reasonable to ask for a retraction first, and then sue if that's denied. You don't have to (and to my mind shouldn't) always dial your lawyers first.

      • Plus it makes you look like the good guy, and the defendant looks really shitty should the trial come around. You gave them every chance to not run the story by denying it on the record, then asking for a retraction on the record. They stood by it still, even after you conducted an internal investigation and have no record of anything close to what the story says.

        It probably gets pretty close to proving negligence, which allows you to turn a nice chunk of Bloomberg's bank account into Apple's bank account

    • Sue on what grounds? Libel/slander require proof of malice, not just inaccuracy.

    • According to the Supreme Court case Sullivan vs. NYT, it's really hard for a public company or public personality to win a libel case. You have to prove the reported acted with malice or knowledge they were false when they were reported. If they think it's true, that's good enough. So, any politician (for example) pretty much has the burden to prove intent to harm.

      A private person has better protection according to Gertz vs. Robert Welch. Basically, the idea is that any public figure (or major corporati

    • i still cannot get over "buzzfeed news" being used in a serious manner. remembering the internet before buzzfeed and the inception of, judging the book by the cover by name alone to me it sounds like it would just be another The Onion. i will say though, the capabilities that have been attributed to these chips that as pictured are like a resistor with 3 contacts i kind of doubt.

    • Re: (Score:2)

      by sjames ( 1099 )

      It's not that unusual to try to settle a matter privately before going to court. It should always be tried, and IMHO, judges shouldn't allow a suit until there has been at least some effort to settle the matter.

    • First step is asking for a retraction. If they don't, then you have damages as well when you sue them into oblivion because you can add negligence.

      IANAL

    • ... he would be suing

      You can only really successfully sue the media over a story that can easily be proven false. It's hard to do thanks to the protection afforded by anonymous sources.

  • I'd be willing to bet this is actually true and the companies don't want to publically admit it and have to recall billions are dollars in tech and they probably convinced the government it would be detrimental to the companies and rhwbeconomy for it to happen as well.

    • Re: Coverup (Score:1)

      by Anonymous Coward

      I bet the Bloomberg story is BS:
      https://arstechnica.com/information-technology/2018/10/supermicro-boards-were-so-bug-ridden-why-would-hackers-ever-need-implants/
      It is reasonable for Apple to want to protect its markets from the effects of a slanderous claim.

    • Re: (Score:2)

      by tlhIngan ( 30335 )

      I'd be willing to bet this is actually true and the companies don't want to publically admit it and have to recall billions are dollars in tech and they probably convinced the government it would be detrimental to the companies and rhwbeconomy for it to happen as well.

      Except neither Amazon nor Apple sell servers. And it's likely the Bloomberg article is true, but the timeline is wrong. It's not currently they've found the chips, but they found it years ago. Remember, both Amazon and Apple both ditched Super

  • Lets be real here. China, Russia, Japan, Taiwan, and even the Grand ol USA are all trying to do the exact same thing. There is exactly ZERO chance that over the last decade Apple was not the target of one of the above listed nations trying to inject compromised hardware into their supply chain. That is not a riff on Apple, they are a major international company, they are a target. What is a nock on Apple is that Cook is a child like idiot who denies an obvious problem. Cook could have been believed if he

    • Re: (Score:2)

      by guruevi ( 827432 )

      Why would you bother injecting hardware in a supply chain (which would be very expensive, on the order of millions of dollars per machine) when you can just hack their machines from the Internet?

      The SuperMicro BMC story is just as ludicrous - if you can reach the device, nobody updates the firmware and even if you do, there are still various Dropbear SSH and embedded HTTP server bugs. Why even bother installing a chip when you can just reprogram the firmware to dial home.

    • There is exactly ZERO chance that over the last decade Apple was not the target of U.S. of A. trying to inject compromised hardware into their supply chain

      Fixed that for you.

      As revealed in the Snowden leaks, the USA has been proven to do spying against its own citizens and against other countries in particular China, whereas all the Chinese hacking accusations so far are coming from the American cybersecurity companies (or its five eye partners) who have deep interested in framing a powerful foreign enemy, just like the military industrial complex accused Iraq of hiding WMDs before the Iraq War.

    • Re:"There's no truth to this." Child like nonsense (Score:4, Insightful)

      by Jahoda ( 2715225 ) on Friday October 19, 2018 @02:55PM (#57505426)
      What is a nock on Apple is that Cook is a child like idiot who denies an obvious problem

      And you have knowledge of this problem, and Tim Cook is an "idiot" because how? Because you are super sure that this must be the case? Because you see through the lies of Tim Cook to the truth of the incompetence of Apple Inc?

      But to flat out deny that essentially any nation state had ever compromised their supply chain is pathetic.

      Sure thing, internet dude. Whatever you say. You know the truth

    • Re: (Score:3)

      by brunes69 ( 86786 )

      Did you read the aricle?

      The article did not say "we suspect a nation state has the capability to compromise Apple's supply chain". Nor did the article did not say "a nation state has at some point compromised Apple's supply chain". Either of these could be forgiven.

      The article said "this specific nation state compromised Apple's supply chain in this exact way with this exact method during this time window". It was *extremely specific*, and provably false.

      • Re: (Score:2)

        by novakyu ( 636495 )

        It was *extremely specific*, and provably false.

        Assuming it's false. And if it is false, why isn't Apple out there actually proving that it's false, rather than oh-so-gently asking for a retraction (pretty please)?

           

        • Re:"There's no truth to this." Child like nonsense (Score:5, Informative)

          by painandgreed ( 692585 ) on Friday October 19, 2018 @04:57PM (#57506276)

          It was *extremely specific*, and provably false.

          Assuming it's false. And if it is false, why isn't Apple out there actually proving that it's false, rather than oh-so-gently asking for a retraction (pretty please)?

          And how do you prove that something never happened? Bloomberg claims that at least three Apple employees informed them that compromised server were found. Both Bloomberg and Apple say that Bloomberg then informed Apple, Apple investigated, and found no evidence of any of this happening. They don't even know which employees, so they can't even ask them. So, there is a giant conspiracy to keep Apple upper management from finding out about this or there is a giant conspiracy keeping not just all Apple employees that know about this from speaking out publically, but also the other "almost 30 companies" that these chips were also found out according to Bloomberg, including Amazon, Elemental, and the US government. Plus the security company in Canada that supposedly found the chips in question when Amazon found strangeness and sent them to be checked out. Amazon has also stated they have found no evidence of this ever happening and have no idea what Bloomberg is talking about, right in the original article.

          • Re: (Score:2)

            by novakyu ( 636495 )

            You can't have it both ways. Either it is "provably false" (according to parent there), or "you can't prove a negative". If it's the latter (as you claim it), then it's not "provably false."

            Either way, I'm in the happy place of being correct, which is the best thing in the world (being right on the Internet, that is).

      • Yes the story is specific, and Cooks response was general. "There's no truth to this." As per my first statement, that response does not mean, that Bloomberg got "A" detail wrong." There's no truth to this." His statement implies ALL of the details were wrong. He is not just saying that the particular components were not compromised. He is saying that none of Apples components were ever compromised. Which is the nonsensical part. His response is broader than the specific story.
  • ... those who deny do so because they would endanger their profit in China ? I don't know how far manufacturers such Supermicro can go. But we've seen intel and AMD go pretty far with their "CPU in the CPU". So I'm more likely to buy the technical possibility, and doubt about the denial. But doubt anyway.

    • The problem with your comment is that you make it clear you don't understand what a CPU is, from a technology/manufacturing perspective.

      Saying "CPU in the CPU" has as much meaning as "a play within a play." It is 100% subjective, and the outermost "play" is still the only play involved; the other play is actually part of the first play! There is only physically one play, but subjectively it can be seen as two.

      Some of the chips I work with are made from numerous processors; multiple "cores," plus embedded sm

      • I'm perfectly aware of what a SoC or SoP is, I'm also working with some from NXP, STM, Cypress, Microchip ... I even saw some of those amplifier chip integrating a CPU/DSP (although I never made code for one).

        May be I was not clear or incomplete. For sure, I'm French, if it can explain anything !

        In a SoC or a SoP, the different parts are detailed in the datasheets. They won't do anything unless you make them to. And in theory, 100% of the silicon is publicly described (so far so good ?).

        In an Intel

      • Saying "CPU in the CPU" has as much meaning as "a play within a play." It is 100% subjective, and the outermost "play" is still the only play involved; the other play is actually part of the first play! There is only physically one play, but subjectively it can be seen as two.

        tl;dr You object but still 100% agree anyway.

  • Email searches, datacenter records, financial records, shipment records.

    Why are you looking at emails and financial records? They're alleging that China hacked you by physically inserting a spy chip on your server motherboards. What makes you think your emails will have any evidence of this?

    • Re:Tim, did you look in the SERVERS? (Score:4)

      by Junta ( 36770 ) on Friday October 19, 2018 @01:52PM (#57505048)

      Because such findings would be documented, since the allegation is that they *discovered* such chips.

      • idk... sounds fishy to me. If someone says "Dude, your car's gas tank has a hole in it", do you go search your email and financial records to see it it's true? Why not go to your fucking car and examine the gas tank and see if there's a hole?

        • Re:Tim, did you look in the SERVERS? (Score:5, Insightful)

          by guruevi ( 827432 ) on Friday October 19, 2018 @02:29PM (#57505280)

          This is more about owning a fleet of thousands of cars across states and continents and then someone says "Dude, your car's gas tank had a hole punched in it by a police officer before it shipped to you from China". Then you do indeed go through the financial records and say "dude, we never purchased a car directly from China, moreover, nobody ever noticed a leak and nobody even reported a puddle of gas in any of our parking lots"

        • Re:Tim, did you look in the SERVERS? (Score:5, Insightful)

          by Junta ( 36770 ) on Friday October 19, 2018 @03:09PM (#57505514)

          The claim is that it happened in 2015, on servers that would be decommisioned by now.

          Part of the claim was that Apple reported the discovery.

          So it would be 'Ford says they had gas tanks with holes in them in their 2015 F150s" and Ford saying "We checked and show no documentation supporting this claim". They didn't have to start recalling all F150s to check gas tanks for whole because some random person claimed that *Ford* claimed it. There would be an expectation that the accusation would be supported by some sort of evidence.

          Here, the one named source of the original story came forward to say that he was the one who provided an actual picture of a signal coupler, and that the tone of the interviewer was basically that some *other* expert had answered 'hmm.. maybe a signal coupler?' and hypothesis upon hypothesis added up to 'we have *confirmed* that this specific pictured chip is a chinese plant'.

          The most likely theory was that in 2015 SuperMicro had some accindental infection on something, and that a security team said 'other vendors have better security practices'. These 'reporters' for bloomberg, however, weren't satisfied and went running vague idea through multiple sources divorced from the actual occurrence and each time asking 'well, hypothetically...' and then presenting the result as fact.

  • I don't think 'unprecedented' means what the sub thinks it means.

    • Unprecedented is the fact that Apple has never before asked a publication to retract their story, even in multiple instances when those stories have been shown to be false or even completely fabricated. So, yes, in this case it is unprecedented.

      • Re: (Score:2)

        by novakyu ( 636495 )

        Huh. What you are saying is Apple has a history of letting false stories stand without asking for a retraction. What's so special about this story? Does it contain an inconvenient truth?

      • Apple had a hissy fit about all the unapproved stories related to Job's cancer.

        Similarly with previews of prototype phones that were found in bars.

        Nothing unprecedented about apple managing their PR by shutting down (trying anyhow) stories they didn't like.

        • As I said, the unprecedented piece is that they have never asked for a story to be retracted. They may have not agreed with the press around Job's and his health issues, but they never asked to have those stories removed. Unless you can provide evidence of another instance where they specifically asked for a story to be retracted, then the use of "unprecedented" by the author of this story and in the headline are valid. While your original comment was about others not understanding the meaning of the word,

  • The chip story is probably fake (Score:5, Interesting)

    by xenog ( 3653043 ) on Friday October 19, 2018 @02:03PM (#57505124)
    I was reading in Ars Technica an article about Russian spies hacking athlete's doping test results. In the comment section someone I suspect to be a Russian troll was expressing mild outrage at the fact that Ars ran an article on that subject but hadn't yet mentioned anything about the Chinese chip hacking conspiracy, linking to the Bloomberg article. Both the quasi-science-fiction Bloomberg article allegations and the circumstances that led me to read it make me suspicious that it is probably fabricated. I don't think that Bloomberg journalists lied, but I consider it likely that they were fed false information that ended up in that article.

  • I miss the days... (Score:5, Insightful)

    by slack_justyb ( 862874 ) on Friday October 19, 2018 @03:02PM (#57505470)

    You know I miss the days when stories like this would pop up and the first thing everyone would do is produce actual proof. The story literally says that China planted chips in their servers, but since the planted would have happened before the actual knowing where the board was going, they would have had to planted thousands of chips into boards in hopes of hitting a good target. So that said, finding one of these chips out in the wild shouldn't be that difficult and yet, zero people have produced an actual chip to show the story true. We literally have the Fermi paradox here. SMB would have had to produce tens of thousands of these boards that would have ended up everywhere from some CIA bunker to some NAS server in a rando University. At some point, someone, somewhere would have uncovered this and barring some complex and massive cover story conspiracy, would have seen this story and ran to side with Bloomberg to validate their claim. And yet that has not happened

    So there is obviously something up here.

    One, it isn't as widespread as Bloomberg paints and the Chinese got incredibly lucky with where their hacked boards went in that they're all sitting in Apple/Amazon/CIA places where no one in their right mind would come forward.

    Two, it isn't as widespread as Bloomberg paints and there's maybe 1,000 - 100 boards out there and only one actually hit the target and the rest will be like finding a needle in a haystack.

    Three, it is as widespread as Bloomberg paints it and everyone is a complete moron at finding these things.

    Four, it is as widespread as Bloomberg paints it and the Chinese have invented a completely inconceivable clandestine process for hiding chips that far exceeds anything previously thought possible.

    Five, China has somehow invaded every aspect of the reseller market for these boards and anything that's left their intended target has been brought back via these channels to China to prevent the boards from leaking out to other sources.

    And hell there's likely more outcomes here than I'm covering but the point remains that given the massive claims that Bloomberg has made, some sort of hard proof should turn up and yet none has. That lack of hard proof makes me seriously question the accuracy of the story. It's an incredible claim, none the less, but count me as non-believer till I see some hard proof here. There's people who will see Cook's request as some sort of "proof" but that's just the deep down cynicism talking. This massive claim has been made, and Bloomberg really needs to back it up with something. And not that weak sauce story they printed about the researcher who found blah-blah-blah on the Ethernet port. Yeah, we all already knew about that trick. No I want to see this duplicitous capacitor or resistor looking chip that's somehow so well made that you can't tell the difference between it and an actual cap/resistor and somehow invades the board enough to leak useful info or make susceptible to an outside actor in a way that's undetectable. Because the engineering feat required to get that done isn't something I would normally attribute to Chinese scientist.

    Yes, Apple and Amazon have both sued SMB before for crappy firmware. And if the story said, "They're putting super hidden firmware inside the board" I'll be honest with you, I'd be on the believer side having beers with the buds there. But this chip thing is a whole another level. Bloomberg needs to put up or shut up at this point. I'll be more than happy to eat my words if proof come across the table till then, I just don't buy this story.

    • This makes a good point. There should be enough of the boards in question around to study (if there aren't, that would be its own interesting point to consider) Before we make this all about motives, lets see what the physical evidence is or is not. With that in hand, we can go the other way, and get a much better idea of what the actual motives are.

    • You know I miss the days when stories like this would pop up and the first thing everyone would do is produce actual proof. The story literally says that China planted chips in their servers, but since the planted would have happened before the actual knowing where the board was going, they would have had to planted thousands of chips into boards in hopes of hitting a good target.

      You have no understanding of the scale at which the cloud providers operate. Google, Facebook, Amazon, Apple, even Yahoo buy so many machines that they're ordering literally thousands at a time. Huge orders that the manufacturer damn well knows are going to one and only one customer, because they don't have thousands of boards just sitting on a shelf waiting for orders (it's called Just In Time Inventory management).

      Further, Google and Facebook, at least, and probably all of them are so big that they're g

      • Google, Facebook, Amazon, and Microsoft design and build all their own machines, boards, switches, routers, racks, you name it. Apple started later, but they might be there by now. Some of these and many other big companies publish their hardware designs in the Open Compute Project, which Facebook started in 2011. But the global supply chains always end up in China. Because of the size of these companies, every downstream supplier has dedicated processes, buildings, even companies. It's trivial to target th

  • Some insight from another motherboard vendor (Score:5, Interesting)

    by jacks smirking reven ( 909048 ) on Friday October 19, 2018 @03:38PM (#57505742)

    I got this email from Corvalent's mailing list (Corvalent is an industrial/embedded manufacturer). Had some of their insight into the whole ordeal which i found interesting.

    What is Corvalent’s Insight on Hardware Hacking?

    “It is our technical opinion that modifications of hardware, firmware and/or software are all possible ways to interfere with the normal operation of boards. Each of them has advantages and disadvantages, including technical complexity, ease of detection, and cost of implementation,” said Martin Rudloff, Corvalent’s CTO. “Typically this means that for someone to deploy an attack of the scope reported by Bloomberg in its Super Micro feature, the target must be specific and worthwhile in order to justify the high cost involved. Targeting only one or a few major companies would also minimize the risk of discovery.”

    “Without deeper knowledge of the hardware and the software running on a server, information gathered from it may not allow a thief to decode or understand what the data means. And without knowing the end users’ security measures, we find it unlikely that the information could be forwarded to an external recipient,” added Rudloff.

    Curiosity kicked in when we were discussing the level of difficulty in modifying the RJ45, so we decided to open one and check it out firsthand. As you can see below, it is very hard to open the metal enclosure without damaging it. The interior is fully packed, leaving little space to add additional circuitry. A fully assembled modified unit would probably be a better choice, but would involve the highly sophisticated effort of tapping into the supply chain and replacing the original parts with counterfeits.

      Should we Question Such a Significant Story?

    Bloomberg is a trusted new source with impeccable standards for truth and accuracy in reporting. Even so, it is possible that the story is incorrect. Sources provided data they understood to be accurate and truthful based on reports seen by them only; however, these were not shared with Bloomberg directly. There are technical inconsistencies to consider as well.

    It should be possible to detect oddities in network traffic coming from a BMC behaving in unexpected ways. Alterations to the kernel and software stack should also set off alarms during or after system boot.

    The chip pictured in the Bloomberg story fits on the tip of a pencil, yet it purportedly holds enough data to replace the data extracted from the BMC, alter the existing OS, and implement backdoor system access. This means the chip must either be larger than pictured or is using new lithography.

    Why go to the trouble of placing a new chip on the board instead of a backdoor version of one already certified as part of the design?

    Strong and specific denials by Amazon and Apple – different from the usual ‘we do not discuss issues of security as a matter of policy’– further stress the story’s validity.

  • Run your own company and leave running others to their owner. You got enough work at your hands as it is when I take a look at your more recent "success stories".

  • Yep.. thats says everything I need to know.
  • ... I am starting to believe that the most plausible explanation to this story is that Bloomberg did receive word from genuine agency members, which were following orders to spread a rumor damaging Chinese business and promoting the sales of devices that are back-doored by US agencies.
    I would still assume also the Chinese use such tampering techniques, but not in the precise way described.

Slashdot Top Deals

Say "twenty-three-skiddoo" to logout.

Close